PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Using XML: A PHP Developer's Primer, Part 2
Sending Mail With PHP3
Cached Dynamic Modules pt 3
In Case You Missed It...The Week of December 12th, 2005
Displaying Formatted User Input

php-general | 2001092

[PHP] Re: [PHP-DB] Cross site authentication From: Rick Gardner (webphp <email protected>)
Date: 09/19/01

Next message: Christian Reiniger: "Re: [PHP] PHP vs M$.NET C#?"
Previous message: Bill Lubanovic: "[PHP] Re: [PHP-DB] Cross site authentication"
In reply to: Bill Lubanovic: "[PHP] Re: [PHP-DB] Cross site authentication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Could this be solved by including a physical config file on the server
with allowed IP addresses or keys of some sort? (I'm not sure how much
control you have over both boxes.)

Rick
On Wednesday, September 19, 2001, at 10:59 AM, Bill Lubanovic wrote:

>
>
>> "Hoover, Josh" wrote:
>>
>> What about if your XML-RPC calls are run over SSL? That would make
>> them secure I believe. Now the question becomes whether any of the
>> PHP XML-RPC classes support SSL. Anyone know if any/all of the
>> classes support SSL?
>>
>> Josh Hoover
>> KnowledgeStorm, Inc.
>> jhoover <email protected>
>>
>> Searching for a new IT solution for your company? Need to improve your
>> product marketing?
>> Visit KnowledgeStorm at www.knowledgestorm.com to learn how we can
>> simplify the process for you.
>> KnowledgeStorm - Your IT Search Starts Here
>>
>>> XML-RPC or SOAP structure the data better than GET or POST, but they
>>
>>> don't address the security issues. We can't send names, passwords,
>> or
>>> ids, no matter how we wrap them. How can platform A tell platform
>> B
>>> that it's authenticated someone? How can B trust A?
>
> SSL avoids the problem of someone sniffing the plain text data. We
> still have the problem: what data do we send? Anyone can forge
> credentials and send them over SSL. How does B know it came from A? I'm
> thinking of some key exchange method, but portability between the
> Microsoft and UNIX worlds makes this even trickier.
>
> --
> Bill Lubanovic
> Mad Scheme Limited
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: php-db-unsubscribe <email protected>
> For additional commands, e-mail: php-db-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

Next message: Christian Reiniger: "Re: [PHP] PHP vs M$.NET C#?"
Previous message: Bill Lubanovic: "[PHP] Re: [PHP-DB] Cross site authentication"
In reply to: Bill Lubanovic: "[PHP] Re: [PHP-DB] Cross site authentication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]